As we’ve combed through news articles and our own recent experiences with protecting businesses against cyber attacks, our cybersecurity specialists have spotted three cybersecurity trends that are on the rise. The cyber attack landscape is beginning to shift away from basic methods toward more advanced techniques. With computer security becoming more of a priority for Connecticut and Massachusetts businesses, it’s helpful to watch for trends in the attack landscape.
Here are three of the biggest computer security trends to be on the lookout for, and how we expect them to continue to evolve in 2019 and beyond:
1) Seeking and exploiting device vulnerabilities.
While this is already a popular and effective hacking strategy, cybercriminals are designing malicious attacks that purposefully circumvent the user’s interaction. Where a user might be lured into clicking a malicious link or attachment, there’s a chance of a successful attack… but there’s no guarantee. Thus, criminals are taking users completely out of the equation and are now seeking ways to exploit vulnerabilities caused by laziness.
In 2017, the WannaCry and NotPetya outbreaks were two perfect examples of attacks that bypassed the end user to capitalize on unsecured, shared connection points. For example, business remote desktop applications and Microsoft’s RDP ports had been left open for the WannaCry creators to exploit. EternalBlue and other types of ransomware tapped into these vulnerabilities as well, so we expect this trend to only continue.
Does this mean that attacks primarily preying on unknowing users will cease to exist? Absolutely not, but as businesses and their employees become more educated on common methods to exploit their limited cybersecurity knowledge, hackers will adapt.
In order to plan for these attacks, cybersecurity and IT companies should begin with the oldest and most basic advice in the industry: keeping up with patches and updates for all business devices, especially enterprise-grade Wireless Access Points, servers, PCs, and firewalls. Thorough inspection and identification of open ports, as well as the implementation of security tools to spot malicious activity on both the network and the host, are highly recommended too.
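One way to carry out the open-port inspection described above, as an added example that is not part of the original post: it parses `netstat -ano` output from a Windows host and reports listeners reachable from the network that are not in an approved baseline. The sample output, the baseline and the priority list are constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1234
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2000
  TCP    192.0.2.10:8080        0.0.0.0:0              LISTENING       4321
  TCP    192.0.2.10:52344       198.51.100.7:443       ESTABLISHED     3000
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Assumed policy for this example: ports this host is approved to expose,
# and remote-access / file-sharing ports that deserve priority review.
APPROVED_PORTS = {135}
PRIORITY_PORTS = {3389: "RDP", 445: "SMB"}


def parse_listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, blank line, or a non-listening connection
        host, _, port = fields[1].rpartition(":")
        yield host.strip("[]"), int(port), int(fields[4])


def audit_listeners(netstat_text, approved=APPROVED_PORTS):
    """Return findings for network-reachable listeners outside the baseline."""
    findings = []
    for host, port, pid in parse_listeners(netstat_text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # reachable only from the host itself
        if port in approved:
            continue
        severity = "high" if port in PRIORITY_PORTS else "review"
        findings.append({"port": port, "bind": host, "pid": pid,
                         "service": PRIORITY_PORTS.get(port, "unknown"),
                         "severity": severity})
    return sorted(findings, key=lambda f: (f["severity"], f["port"]))


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_NETSTAT):
        print(finding)
```

The PID column lets each finding be traced back to the owning process before deciding whether to close the port or add it to the baseline.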
2) Evading detection by hijacking legitimate programs.
This type of cybersecurity trend can be summed up in the common saying, “take their tactic and use it against them”. Hackers are hiding under the radar by leveraging helpful programs and using your own legitimate tools as a weapon.
NotPetya malware selected this method by using Windows Management tools to multiply the ransomware worm. Other types of malware are increasingly using tactics that hijack PowerShell and Group Policy Object tools. These tools usually don’t raise red flags because they are legitimate programs used to manage large networks and aren’t identified by anti-malware and antivirus scanners.
As a consequence, these legitimate programs are the “in” hackers desire in order to infect and spread malware. And since large networks use them, it creates an environment deadly to businesses where malware and cyber attacks are able to move quickly and undetected.
Of course, this increases the complexity for IT security teams because the line is starting to blur between malicious tools and administrative tools. Cybersecurity experts ought to re-evaluate the management tools and permissions on tools that have always been trusted for businesses. By disabling unused tools and components, the risk of attacks can be mitigated.
3) Increasing “plug-and-play” worm attacks.
Cyber attack campaigns are continuing to leverage more and more worm capabilities to spread quickly and laterally, making them a serious cyber threat that can extend far beyond the original infected network. If you’re not familiar with the various types of cyber attack methods, read our post 10 Cybersecurity Threats Every CEO Must Thwart.
For example, WannaCry’s worm component spread its file-encrypting ransomware to thousands of external victims, racking up over 400,000 infected machines in 150 countries in a few days.
Removing worms can be extremely difficult due to their persistent capabilities. Not only do they leave behind back doors to be exploited at a later time, but they also schedule computing tasks that reinstall themselves, disrupting businesses all over again. It’s a recurring cybersecurity nightmare for any company.
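A cleanup check for the scheduled-task persistence described above, as an added example that is not part of the original post: it reviews `schtasks /query /fo csv /v` output and flags tasks whose action matches simple heuristics. The sample rows (trimmed to four of the command's columns), the task names and the heuristics are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample, trimmed to four columns of `schtasks /query /fo csv /v` output.
SAMPLE_TASKS = r'''"TaskName","Author","Task To Run","Run As User"
"\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o","SYSTEM"
"\BackupNightly","EXAMPLE\itadmin","C:\Program Files\BackupTool\backup.exe /nightly","EXAMPLE\svc-backup"
"\Updater-7f3a","N/A","C:\Users\Public\updater.exe","SYSTEM"
"\SyncHelper","EXAMPLE\jdoe","powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <placeholder>","EXAMPLE\jdoe"
'''

# Assumed heuristics for this example; tune them to the environment's baseline.
USER_WRITABLE = re.compile(r"\\(users\\public|appdata|temp)\\", re.I)
HIDDEN_SCRIPT = re.compile(
    r"(powershell|wscript|cscript|mshta)(\.exe)?\b.*(-enc|hidden)", re.I)


def review_tasks(csv_text):
    """Return (task name, reasons) for tasks whose action matches a heuristic."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        action = row["Task To Run"]
        reasons = []
        if USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable directory")
        if HIDDEN_SCRIPT.search(action):
            reasons.append("script host with hidden window or encoded command")
        # Elevated context raises the priority of a task that is already suspect.
        if reasons and row["Run As User"].upper() == "SYSTEM":
            reasons.append("runs as SYSTEM")
        if reasons:
            flagged.append((row["TaskName"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in review_tasks(SAMPLE_TASKS):
        print(name, "->", "; ".join(reasons))
```

Running the same review on every machine in the network, not only the one first found infected, shows whether a task was recreated after cleanup.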
IT firms have to shift their tactics, looking beyond one single infected computer, to the entire network. Since a computer can be turned into a “zombie” or “slave” computer to spread itself instantly, entire networks can become crippled, both internally and externally. Investing in solid software that can block infections and detect ransomware is vital for any business. If you wait until you see evidence that a network has been compromised, it will already be too late.
The Underlying Point
The underlying point is this: As cybercriminals continue to shift their tactics, so too must computer and network protections for businesses. The best way to effectively defend against rapidly evolving malware campaigns is to utilize solutions that can identify common behaviors and elements that attackers use. Computer protections need to automatically stay up-to-date with new threats and provide real-time analysis.
It’s also important to proactively spot and plug device vulnerabilities that are often exploited in cyber attacks. Regular, in-depth Cybersecurity Risk Assessments for businesses can help to identify open ports, unsecured devices, weak network protections, and more.
If you’re looking for cybersecurity experts in Connecticut who understand business environments and what they need in order to stay protected, give Encompass IT Solutions a call at 860-785-6233 to schedule a free IT Assessment to find out where your business stands with its technology.